Proofs of ownership in remote storage systems
Proceedings of the 18th ACM conference on Computer and communications security
Cloud storage systems are becoming increasingly popular. A promising technology that keeps their cost down is deduplication, which stores only a single copy of repeating data. Client-side deduplication attempts to identify deduplication opportunities already at the client and save the bandwidth of uploading copies of existing files to the server. In this work we identify attacks that exploit client-side deduplication, allowing an attacker to gain access to arbitrary-size files of other users based on very small hash signatures of these files. More specifically, an attacker who knows the hash signature of a file can convince the storage service that it owns that file, hence the server lets the attacker download the entire file. (In parallel to our work, a subset of these attacks was recently introduced in the wild with respect to the Dropbox file synchronization service.) To overcome such attacks, we introduce the notion of proofs-of-ownership (PoWs), which lets a client efficiently prove to a server that the client holds a file, rather than just some short information about it. We formalize the concept of proof-of-ownership under rigorous security definitions and the rigorous efficiency requirements of petabyte-scale storage systems. We then present solutions based on Merkle trees and specific encodings, and analyze their security. We implemented one variant of the scheme. Our performance measurements indicate that the scheme incurs only a small overhead compared to naive client-side deduplication.
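A simplified sketch of the Merkle-tree ownership check the abstract describes, as an added example that is not the paper's construction or implementation: it omits the paper's encodings, and the 64-byte block size, SHA-256, the 0x00/0x01 leaf and inner-node tags, and eight challenges per check are assumptions chosen for the demo. The server keeps only the root and leaf count from the first upload and asks a later claimant to open randomly chosen leaves, which a short hash of the file does not allow.

```python
import hashlib
import secrets

BLOCK = 64  # assumed leaf size in bytes, kept small for the demo

def h(tag: bytes, data: bytes) -> bytes:
    """Tagged SHA-256: 0x00 for leaves, 0x01 for inner nodes."""
    return hashlib.sha256(tag + data).digest()

def build_tree(data: bytes) -> list:
    """Return every level, leaves first; a lone last node pairs with itself."""
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)] or [b""]
    levels = [[h(b"\x00", b) for b in blocks]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([h(b"\x01", cur[i] + cur[min(i + 1, len(cur) - 1)])
                       for i in range(0, len(cur), 2)])
    return levels

def prove(data: bytes, index: int):
    """Client: return the challenged block and its sibling path."""
    path, i = [], index
    for level in build_tree(data)[:-1]:
        path.append(level[min(i ^ 1, len(level) - 1)])
        i //= 2
    return data[index * BLOCK:(index + 1) * BLOCK], path

def verify(root: bytes, n_leaves: int, index: int, block: bytes, path: list) -> bool:
    """Server: needs only the stored root and leaf count, not the file."""
    if not 0 <= index < n_leaves or len(path) != (n_leaves - 1).bit_length():
        return False
    node, i = h(b"\x00", block), index
    for sibling in path:
        node = h(b"\x01", node + sibling if i % 2 == 0 else sibling + node)
        i //= 2
    return secrets.compare_digest(node, root)

def ownership_check(root: bytes, n_leaves: int, client_data: bytes, k: int = 8) -> bool:
    """Challenge k random leaves; any failed opening rejects the claim."""
    for _ in range(k):
        index = secrets.randbelow(n_leaves)
        block, path = prove(client_data, index)
        if not verify(root, n_leaves, index, block, path):
            return False
    return True

# Constructed sample: the server keeps (ROOT, N_LEAVES) from the first upload.
ORIGINAL = b"".join(bytes([n]) * BLOCK for n in range(1, 6))  # 5 distinct blocks
TREE = build_tree(ORIGINAL)
ROOT, N_LEAVES = TREE[-1][0], len(TREE[0])
GUESS = bytes(len(ORIGINAL))  # claimant who knows the length but not the content
```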